Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 106
  • Last Modified:

Windows Time Server

One of our NTP time servers is a standalone physical server. It gets its time from external time sources. This server is being replaced by a server which will be joined to our active directory.  I realize all computers joined to a domain get their network time from the Domain Controllers. Hopefully it can still be used as a network time server.

Unfortunately our time clients are configured with an IP address instead of a dns name. The replacement server will inherit the old server's IP address so changes to the client's time config should not be needed.

Can this new server (joined to the AD) still be configured to go the internet to get time and act as a time server?  

The old server is Windows 2003 sp2 stand alone.  New server is Windows 2008 R2.
0
epmmis
Asked:
epmmis
  • 3
  • 2
2 Solutions
 
it_saigeDeveloperCommented:
It can, but as you stated domain computers are configured, by default, to obtain their time source from the Domain Hierarchy.  This domain time source is recommended to be the PDC Emulator.  Otherwise, you can configure group policies so that the domain computers can get their time from a different source, in this case, the time server will be treated as an external time source.

-saige-
0
 
Dan McFaddenSystems EngineerCommented:
To be even more specific... the PDC FSMO holder should  be configured to be the only DC to go to an external (reliable) time source.  All other DCs (FSMO holder or not) reference the PDC Role holder as a trust time device.  Then all domain joined clients use the DC infrastructure to get time.

You need to manually configure your PDC Role holder, reference link below:

http://technet.microsoft.com/en-us/library/cc784553(v=ws.10).aspx

I agree with it_saige that you could update your desktops/laptops/workstations with a GPO but as for other devices that pull time via IP, those should be pointed to the DC which holds the PDC FSMO.

As a 2nd option, you could DCPromo the replacement server and then transfer the PDC Role to it.  Then follow the instructions in the link above to configure the PDC Role holder as a reliable time source for the domain.  But I do not know what your domain looks like, how your network is setup or where all the DC exist on the network.

Dan
0
 
epmmisAuthor Commented:
I am sorry did not make my request clear.  The domain will continue to use the PDC emulator DC to get their time.  This is not an attempt to change how the domain processes time.

This new server will be the time source for other physical servers, such as my linux servers.  My domain controllers (and most of my AD) is virtualized.  It is best the physical host servers and my linux servers get their time from a physical server independent of the virtualize domain controllers.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
it_saigeDeveloperCommented:
My post may have been overcomplicated.  In short, yes, you can do whay you want.

-saige-
0
 
it_saigeDeveloperCommented:
I might add, though, since you are implementing (or redeploying) your own time server, that already connects to an external time source, there is nothing that states that your PDC emulator cannot use this server as it's external time source.  This might also be a best practice so that you do not request time updates too frequently from your external source(s).

-saige-
0
 
Dan McFaddenSystems EngineerCommented:
I agree with it_saige.  If this redeployed server is configured as a trusted time source, you can point the PDC Holder to that device.  This also allows you to reduce the outbound NTP traffic and limit it to only this physical server.

BTW, external time source refers to a device providing reliable NTP services, that is not contained within the PDC holder server.  The external time source can easily be an NTP device on the internal network.

Whether or not your reliable NTP server is inside of outside your network, in no way dictates the frequency of time update requests.  The frequency of updates is dictated by the configuration of the service making the requests.

Dan
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now